mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 14:51:30 +00:00

Files

T

shankar0123 0729ee46e0 chore: sweep github.com/shankar0123/certctl URL refs to certctl-io/certctl

Post-transfer cosmetic + release-critical URL refresh after moving the
repo from github.com/shankar0123/certctl to github.com/certctl-io/certctl
(2026-05-03). GitHub HTTP redirects continue to forward old URLs forever,
so existing operators are not broken — but aligns the canonical
references with the new owner so:

- procurement engineers / contributors browsing the docs see the right
  URL on first read
- operators copying the agent install one-liner hit the new path
  directly without going through a redirect
- the Helm chart's default image repository points at the canonical org
  registry path
- the OnboardingWizard rendered to first-run UI users shows the new
  URL in the install snippets and doc anchor links
- the GitHub Actions release workflow pushes container images to
  ghcr.io/certctl-io/certctl-{server,agent} (was: shankar0123)
- the release-notes Markdown body in release.yml — which gets stamped
  into every future release page — references the post-transfer
  cert-identity (cosign keyless signing now uses the certctl-io
  workflow URL) and the post-transfer SLSA provenance source-uri.
  Without this, every cosign verify / slsa-verifier command on a
  v2.1.0+ release would fail because the cert-identity-regexp would
  not match the signing identity GitHub Actions OIDC issues post-
  transfer. Old releases (v2.0.67 and earlier) keep their immutable
  release-notes pointing at the shankar0123 path and remain
  verifiable via their own published instructions.

Customer impact:
- Operators on ghcr.io/shankar0123/certctl-{server,agent}:latest
  silently freeze on whatever tag was current at transfer time. They
  get no errors; they just stop receiving updates. The next release
  notes need a one-line callout (Phase 3.1 of cowork/transfer-
  certctl-to-org.md) telling them to update their image path to
  ghcr.io/certctl-io/certctl-{server,agent}.
- All other URLs (git clone, install one-liner, raw.githubusercontent
  URLs, browser links, GitHub API) continue to resolve via permanent
  HTTP redirects. The sweep is cosmetic for those.

Files swept (30 total):
  .github/workflows/release.yml — IMAGE_NAMESPACE, source-uri,
    cosign cert-identity-regexp, IMAGE= snippet (5 refs total).
  CHANGELOG.md, README.md — anchor links, badges, install one-liner,
    cosign verify snippets in operator-facing sections.
  api/openapi.yaml — info / externalDocs URLs.
  install-agent.sh — GITHUB_REPO const + systemd unit Documentation=
    field.
  deploy/ENVIRONMENTS.md, deploy/helm/{CHART_SUMMARY,INDEX,
    INSTALLATION,README}.md, deploy/helm/certctl/{Chart.yaml,
    README.md,values.yaml}, deploy/helm/examples/values-*.yaml —
    chart docs + image repository defaults across dev / prod-ha
    overrides.
  docs/{certctl-for-cert-manager-users,connector-iis,connectors,
    migrate-from-acmesh,migrate-from-certbot,quickstart,test-env,
    why-certctl}.md — operator-facing doc URLs.
  examples/{acme-nginx,acme-wildcard-dns01,multi-issuer,
    private-ca-traefik,step-ca-haproxy}/docker-compose.yml +
    examples/step-ca-haproxy/step-ca-haproxy.md — example image:
    paths and accompanying narrative.
  web/src/pages/OnboardingWizard.tsx — first-run-UI URL refs (curl
    install one-liners, agent docker image path, doc anchor links).

Files intentionally NOT swept (Choice A from cowork/transfer-certctl-
to-org.md):
  go.mod, go.sum — module declaration stays github.com/shankar0123/
    certctl. Existing imports compile because Go uses the path
    declared in go.mod, not the URL it was fetched from. Internal-
    only project; no external Go consumers; rename will land as a
    mechanical sed when one materializes.
  ~250 *.go files — every import remains github.com/shankar0123/
    certctl/internal/...
  deploy/test/f5-mock-icontrol/go.mod — separate test sub-module;
    same Choice A logic; module path stays.

Files intentionally NOT swept (other reasons):
  README.md lines 244-245 — Scarf-pixel docker-pull commands.
    shankar0123.docker.scarf.sh/... is a Scarf-account hostname
    (per-user, not per-repo) and the pixel keeps tracking pulls
    against the operator's personal Scarf account. Migrating to a
    certctl-io Scarf account is a separate decision (create org
    Scarf account → re-create package → update README).
  deploy/test/f5-mock-icontrol/f5-mock-icontrol — checked-in
    compiled binary with shankar0123/certctl baked into Go build
    info via the sub-module path. Out of scope for a URL sweep;
    will refresh on the next `make test-integration` rebuild.

Verification:
  gofmt: clean (no .go files touched).
  go vet ./...: clean (verified at this SHA in 1.3 of the transfer
    checklist; no .go changes since).
  go build ./...: clean (same).
  go test -short on representative packages: green (same).
  Diff shape: 30 files, 74 insertions / 74 deletions, net-zero size,
    pure URL substitution.

2026-05-03 23:39:50 +00:00

7.6 KiB

Raw Permalink Blame History

Certctl Helm Chart - Complete File Index

Getting Started

Start here: INSTALLATION.md - Quick installation guide with one-liners
Full reference: README.md - Complete Helm chart documentation
Detailed guide: DEPLOYMENT_GUIDE.md - Step-by-step deployment walkthrough
Architecture: CHART_SUMMARY.md - Technical overview and design

Chart Directory Structure

deploy/helm/
│
├── README.md                           Main documentation (15 KB)
├── DEPLOYMENT_GUIDE.md                 Step-by-step guide (12 KB)
├── CHART_SUMMARY.md                    Architecture & design (13 KB)
├── INSTALLATION.md                     Quick start (2.2 KB)
├── INDEX.md                            This file
│
├── certctl/                            Helm chart package
│   ├── Chart.yaml                      Chart metadata
│   ├── values.yaml                     Default configuration (11 KB)
│   ├── .helmignore                     Build ignore patterns
│   │
│   └── templates/                      15 Kubernetes resource templates
│       ├── _helpers.tpl                Helper functions
│       ├── NOTES.txt                   Post-install notes
│       ├── server-deployment.yaml      API server
│       ├── server-service.yaml         Server networking
│       ├── server-configmap.yaml       Server configuration
│       ├── server-secret.yaml          Server secrets
│       ├── postgres-statefulset.yaml   Database
│       ├── postgres-service.yaml       Database networking
│       ├── postgres-secret.yaml        Database secrets
│       ├── agent-daemonset.yaml        Agents (DaemonSet/Deployment)
│       ├── agent-configmap.yaml        Agent configuration
│       ├── ingress.yaml                Optional HTTPS ingress
│       └── serviceaccount.yaml         RBAC resources
│
└── examples/                           Example configurations
    ├── values-dev.yaml                 Development setup
    ├── values-prod-ha.yaml             Production HA setup
    ├── values-external-db.yaml         External PostgreSQL
    └── values-acme-dns01.yaml          ACME DNS-01 configuration

File Descriptions

Documentation Files

File	Purpose	Size
`README.md`	Complete Helm chart documentation, configuration reference, security considerations	15 KB
`DEPLOYMENT_GUIDE.md`	Step-by-step installation instructions, production setup, troubleshooting	12 KB
`CHART_SUMMARY.md`	Technical overview, architecture, features, best practices	13 KB
`INSTALLATION.md`	Quick start guide, one-liner commands, verification steps	2.2 KB
`INDEX.md`	This file - complete file index and navigation	-

Chart Files

File	Purpose
`Chart.yaml`	Helm chart metadata (name, version, appVersion, license)
`values.yaml`	Default configuration values with comprehensive comments
`.helmignore`	Files to ignore when building the chart

Template Files

File	Components Created
`_helpers.tpl`	14 Helm template helper functions
`NOTES.txt`	Post-installation notes and instructions
`server-deployment.yaml`	Certctl API server deployment (1-N replicas)
`server-service.yaml`	Service exposing the server
`server-configmap.yaml`	Non-secret server configuration
`server-secret.yaml`	Secrets (API key, DB password, SMTP)
`postgres-statefulset.yaml`	PostgreSQL database with persistent storage
`postgres-service.yaml`	Headless service for PostgreSQL
`postgres-secret.yaml`	Database credentials
`agent-daemonset.yaml`	Certctl agents (DaemonSet or Deployment)
`agent-configmap.yaml`	Agent configuration
`ingress.yaml`	Optional HTTPS ingress resource
`serviceaccount.yaml`	ServiceAccount and RBAC resources

Example Configuration Files

File	Use Case	Features
`values-dev.yaml`	Development/testing	Single replica, debug logging, LoadBalancer, no auth
`values-prod-ha.yaml`	Production HA	3 replicas, pod anti-affinity, monitoring, large storage
`values-external-db.yaml`	External PostgreSQL	AWS RDS, Cloud SQL, Azure Database, self-managed
`values-acme-dns01.yaml`	Let's Encrypt	DNS-01 challenges, wildcard certs, custom DNS scripts

Quick Links

Installation Commands

Development

helm install certctl certctl/ \
  --set server.auth.type=none \
  --set postgresql.auth.password=dev

Production HA

helm install certctl certctl/ \
  --values examples/values-prod-ha.yaml \
  --set server.auth.apiKey="$(openssl rand -base64 32)" \
  --set postgresql.auth.password="$(openssl rand -base64 32)"

External Database

helm install certctl certctl/ \
  --values examples/values-external-db.yaml \
  --set postgresql.enabled=false \
  --set 'server.env.CERTCTL_DATABASE_URL=postgres://...'

Verification Commands

# Check chart syntax
helm lint certctl/
helm template certctl certctl/

# Install in cluster
helm install certctl certctl/
helm status certctl

# Check pod status
kubectl get pods -l app.kubernetes.io/instance=certctl

# View logs
kubectl logs -l app.kubernetes.io/component=server -f

Documentation Organization

By User Role

DevOps/Platform Engineers

Start: INSTALLATION.md
Deep dive: DEPLOYMENT_GUIDE.md
Configuration reference: README.md

Kubernetes Developers

Architecture: CHART_SUMMARY.md
Configuration: values.yaml
Templates: templates/

Security/SREs

Security section: README.md#security-considerations
RBAC: templates/serviceaccount.yaml
Network policies: DEPLOYMENT_GUIDE.md#network-policies

Database Administrators

PostgreSQL config: values.yaml (postgresql section)
External DB setup: examples/values-external-db.yaml
Backup/restore: DEPLOYMENT_GUIDE.md#backup-and-restore

By Task

Getting Started

Read: INSTALLATION.md
Install: helm install certctl certctl/
Verify: Run commands in INSTALLATION.md

Production Deployment

Read: DEPLOYMENT_GUIDE.md
Choose: examples/values-prod-ha.yaml
Deploy: Follow step-by-step guide
Reference: README.md for detailed options

Troubleshooting

Common issues: README.md#troubleshooting
Detailed guide: DEPLOYMENT_GUIDE.md#troubleshooting
Error messages: kubectl logs and events

Configuration

All options: values.yaml
Examples: examples/values-*.yaml
Detailed docs: README.md#configuration

Key Features

High Availability

Multi-replica server deployment
Pod anti-affinity
StatefulSet for database
Pod disruption budgets

Security

Non-root containers
Read-only filesystems
RBAC support
Kubernetes Secrets
Network policies

Flexibility

Multiple issuers (Local CA, ACME, step-ca, OpenSSL)
Internal or external PostgreSQL
DaemonSet or Deployment agents
Optional Ingress with TLS
Email notifications

Observability

Health checks
Structured logging
Prometheus metrics
ServiceMonitor support

Support

GitHub: https://github.com/certctl-io/certctl
Issues: Report on GitHub issues
Documentation: All docs are in deploy/helm/

File Statistics

Total files: 24
Documentation: 4 files (42 KB)
Chart files: 3 files
Templates: 13 files
Examples: 4 files
Total size: 144 KB

License

All files are covered under the BSL-1.1 license.

7.6 KiB Raw Permalink Blame History